Re: snort inline mode is not working with iptables

[Russ Combs <rcombs () sourcefire com>]

On Sat, Aug 7, 2010 at 4:52 PM, Jason Brvenik
<jason.brvenik () sourcefire com>wrote:

> Comment out all of the include lines in snort.conf, startup should indicate
> 0 rules loaded.
In fact, try creating an empty conf and using that.  Then add just the
alert.

Referring to your original setup, examine the packet log and ensure that you
have all the echo responses (you were in the output chain).

If that looks good run tcpdump on your ping machine and see what, if
anything, is coming back.

>  On Aug 7, 2010 5:21 PM, "Wael" <netchildccie () hotmail com> wrote:
>
> Hello Jason,
>
> If I did not use iptables -j QUEUE; the ping is working.
>
> How Can I run snort with _NO_rule ?!
>
> Regards,
> Wael,
>
>
> On 8/7/10 9:32 PM, "Jason Brvenik" <jasonb () sourcefire com> wrote:
>
> > I would suggest a ground up app...
------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users